Hi,

I was wondering if some of you have already done some experiments with
9.10.3 and the AEP Keyper+ (openssl-1.01l patched) in order to create
ECDSA keys and sign zones. I was surprised I was able without issues to
create key objects in the HSM with the command:

> pkcs11-keygen -a ECDSAP256SHA256 -p **** -l TESTECC1

but when I try to create keys from these key objects, I get an
unexpected message:

> dnssec-keyfromlabel -a ECDSAP256SHA256 -l TESTECC1 -E pkcs11 test 
dnssec-keyfromlabel: fatal: failed to get key test/ECDSAP256SHA256: algorithm is unsupported

It is strange it is supported by pkcs11-keygen but not by
dnssec-keyfromlabel. This is the only algorithm with that kind of
behaviour.

This is my first test with ECDSA, am I missing something? If I don't
use the Keyper+, I can create ECDSA keys and sign zones with those keys,
strange isn't it?

Regards.

    Vincent.

-- 
        Vincent Levigneron  A.F.N.I.C.  vincent.levigne...@nic.fr

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
